<?php
/**
 * Modify by 			peace@warmyc.n
 * Create Date			2009-03-12
 */
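// Helper defined outside this file; presumably invalidates cached management
// data before the request is handled — confirm against its definition.
cache_delete_manage();

// `cmd` selects the action. Only a plain string is accepted: a request such as
// ?cmd[]=x delivers an array, which strtolower() cannot handle, so anything
// that is not a string falls back to the list view.
$cmd = (isset($_GET['cmd']) && is_string($_GET['cmd'])) ? strtolower($_GET['cmd']) : 'list';

// NOTE(review): "save" changes account privileges, yet no anti-CSRF token or
// request-method check is visible in this file. Confirm the including
// framework enforces one before this dispatch is reached.
// NOTE(review): Add() and Del() are not defined in the part of the file shown
// here; if they do not exist elsewhere, cmd=add / cmd=delete ends in a fatal error.
switch($cmd)
{
	case "add":
		Add();
		break;
	case "edit":
		Edit();
		break;
	case "delete":
		Del();
		break;
	case "save":
		Save();
		break;
	default:
		// Unknown commands are normalised to the list view.
		$cmd	= "list";
		View();
		break;
}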
/**************************************************************************************************
功能列表
**************************************************************************************************/
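/**
 * Render the paginated list of administrator accounts, each linking to its rights editor.
 *
 * Stores the current request URI in the SYSTEM_HTTP_REFERER cookie, reads one page of
 * rows from USERTABLE and prints them as an HTML table followed by the pager.
 *
 * Every database value is HTML-escaped before it is printed. The username used to be
 * emitted raw, so markup stored in an account name would have been rendered in the
 * browser of whichever administrator opened this list.
 */
function View()
{
	// Remember this list URL; Edit() later writes the cookie value into its form.
	// NOTE(review): REQUEST_URI and the cookie are both client-controlled. Any code
	// that redirects to this value should first check that it is a local path.
	set_cookie("SYSTEM_HTTP_REFERER", $_SERVER["REQUEST_URI"]);

	// Total number of accounts, needed to size the pager.
	$sql="select count(*) from `".USERTABLE."` ";
	$rowCount=$GLOBALS['db']->query_value($sql);
	$p = new WPagenav;		// pager object

	$p->file=ATHENA_SCRIPT_INDEX;		// script the pager links point at
	$p->pvar="page";	// name of the query parameter that carries the page number
	$p->setvar(array("Model" => $GLOBALS['ATHENA_MODEL']));
	$p->set($Page_size=20,$rowCount,0);
	// NOTE(review): limit() is concatenated into the statement; confirm WPagenav
	// derives it from integers only, since the page number comes from the request.
	$sql = "select * from `".USERTABLE."` LIMIT ".$p->limit();
	$row = $GLOBALS['db']->query_row($sql,MYSQL_ASSOC);
	// A failed query must not be counted as one (empty) row.
	if(!is_array($row))
		$row = array();

?>
	<table Class="yc" cellspacing="1" cellpadding="0">    
      <tr>
		<th></th>
	    <th  width="200">名称</th>
      </tr>
	  <?php
		for($i=0;$i<count($row);$i++)
		{
			// Escape for the HTML context; URL parts are percent-encoded first.
			// NOTE(review): htmlspecialchars() runs with its default charset here;
			// confirm that matches the page encoding so multibyte names survive.
			$id		= htmlspecialchars($row[$i]['id'], ENT_QUOTES);
			$name	= htmlspecialchars($row[$i]['username'], ENT_QUOTES);
			$href	= htmlspecialchars(
				ATHENA_SCRIPT_INDEX."?Model=".urlencode($GLOBALS['ATHENA_MODEL'])."&cmd=edit&Id=".urlencode($row[$i]['id']),
				ENT_QUOTES
			);

			print("<tr>");
			print("<td width=\"0\" style=\"text-align:center\">");
			print("<input type=\"checkbox\" name=\"id[]\" value=\"".$id."\"></td>");
			print("<td width=\"100%\">");
			print("<a href=\"".$href."\">");
			print($name);
			print("</a></td>");
			print("</tr>");
		}
	  ?>
	  <tr>
	  <td colspan="2" style="text-align:center;">
		<?php
		$p->output(0);
		?>&nbsp;
		</td>

	  </tr>
    </table>
<br>

<?php
}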
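/**
 * Render the rights editor for one administrator account.
 *
 * Reads the account id from $_GET['Id'], loads the account's display name and its
 * current user-level rights, and prints the function-point tree with those rights
 * pre-selected. The tree is unrestricted when the acting administrator belongs to
 * group 1 and is otherwise limited to the acting administrator's own rights.
 *
 * Changes from the earlier version:
 *  - ereg() (removed in PHP 7) is replaced by an anchored preg_match();
 *  - a missing or non-string Id no longer raises a notice;
 *  - the display name, the SYSTEM_HTTP_REFERER cookie and the id are HTML-escaped
 *    before being written into the page; the cookie is client-controlled and was
 *    previously echoed raw into an attribute value.
 */
function Edit()
{
	// Accept only a non-empty, all-digit id; everything else counts as "none selected".
	// \z anchors at the very end so a trailing newline is rejected as well.
	$userid	= (isset($_GET['Id']) && is_string($_GET['Id']) && preg_match('/^[0-9]+\z/',$_GET['Id'])) ? $_GET['Id'] : 0;
	if($userid == 0)
	{
		ANotify::halt("请选择需要设置权限的管理员！",'ERR');
		// halt() presumably ends the request; return so nothing below runs if it does not.
		return;
	}

	// Display name of the account being edited. $userid is digits only at this
	// point, so interpolating it cannot change the statement.
	$sql	= "select CONCAT(username,'（',realname,'）') AS a from `".USERTABLE."` where id='$userid'";
	// NOTE(review): the row is requested with MYSQL_NUM but read through the key
	// 'a' below; confirm get_one() still returns the aliased column under that mode.
	$u		= $GLOBALS['db']->get_one($sql,MYSQL_NUM);
	if(!$u)
	{
		ANotify::halt("选择的管理员已被删除",'ERR');
		return;
	}
	$u_str	= $u['a'];

	// Rights currently stored for this account ('U' = user-level entry).
	$group_right	= new warmy_right($GLOBALS['db'],$userid,'U');

	// Members of group 1 (presumably the super-administrator group — confirm) see
	// every function point; everyone else only sees the ones they hold themselves.
	// This limits what is displayed, not what the save handler accepts.
	if(array_search(1,$GLOBALS['USER_RIGHT']['GROUPS'])!==false)
		$tree_all 		= new Warmy_tree($GLOBALS['db'],"");
	else 
		$tree_all 		= new Warmy_tree($GLOBALS['db'],$GLOBALS['USER_RIGHT']['RIGHTS']);

	// NOTE(review): htmlspecialchars() runs with its default charset below;
	// confirm that matches the page encoding so multibyte names survive.
?>
	<table Class="yc" cellspacing="1" cellpadding="0">  
	<tr>
	  <th><?php echo htmlspecialchars($u_str, ENT_QUOTES); ?></th>
	</tr>
	<tr>
	    <td  id="right_list">
		  <?php $tree_all->PrintTreeEx($group_right->right); ?>
		</td>
	  </tr>
	  <tr bgcolor="#FFFFFF">
		<td  height="50" style="text-align:center">
			<input name="Submit" type="submit" class="button" value="保存" onclick="AppendCmd('save')"/>
	      	<input name="back" type="submit" class="button" value="返回" onclick="AppendCmd('back')"/>
	      	<input type="hidden" name="SYSTEM_HTTP_REFERER" value="<?php echo htmlspecialchars(get_cookie("SYSTEM_HTTP_REFERER"), ENT_QUOTES); ?>">
			<input type="hidden" name="ID" value="<?php echo htmlspecialchars($userid, ENT_QUOTES); ?>">
		</td></tr>
    </table>
<script language="javascript" src="js/wfloat.js"></script>
<script language="javascript" src="js/right.js"></script>
<br>
<?php
}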
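/**
 * Persist the user-level ('U') rights submitted from the rights editor.
 *
 * Input: $_POST['ID'] is the account id, $_POST['Id'] is the list of ticked
 * function-point ids, and, when MICRO_RIGHT_SET is defined, $_POST['fun_<id>'] is the
 * bit mask for each ticked id (7 is used when the constant is not defined).
 *
 * Only the difference against the rights returned by warmy_right(..., true) is stored:
 * bits already granted there are masked out, and rows for function points that are no
 * longer part of that difference are deleted.
 *
 * Changes from the earlier version: the account id and every function-point id used to
 * be interpolated into SQL exactly as posted, which let a crafted request alter the
 * statements. They must now be all-digit strings, and anything else is rejected or
 * dropped. ereg() (removed in PHP 7) is replaced by preg_match(), and a non-array
 * `Id` or an array with gaps in its keys no longer produces notices.
 *
 * NOTE(review): nothing here verifies that the acting administrator holds the
 * function points being granted; Edit() only limits which ones are displayed. No
 * anti-CSRF token is checked in this file either. Both should be enforced
 * server-side before this handler writes anything.
 * NOTE(review): statements are still built by concatenation because the parameter
 * binding API of $GLOBALS['db'] is not visible here; switch to bound parameters if
 * the wrapper offers them.
 */
function save()
{
	// \z anchors at the very end so a trailing newline is rejected as well.
	$digits	= '/^[0-9]+\z/';

	// Ticked function-point ids; entries that are not digit strings are dropped.
	$checked = array();
	if(isset($_POST['Id']) && is_array($_POST['Id']))
	{
		foreach($_POST['Id'] as $fun)
		{
			if(is_string($fun) && preg_match($digits,$fun))
				$checked[] = $fun;
		}
	}

	// Id of the account whose rights are being changed.
	$user = 0;
	if(isset($_POST['ID']) && is_string($_POST['ID']) && preg_match($digits,$_POST['ID']))
		$user = $_POST['ID'];
	if($user == 0)
	{
		ANotify::halt("请选择需要设置权限的管理员！",'ERR');
		// halt() presumably ends the request; return so nothing below runs if it does not.
		return;
	}

	Add_Op_Log("修改用户权限");

	// Nothing ticked: remove every user-level right of this account.
	if(count($checked) == 0)
	{
		$sql = "delete from `".RIGHTTABLE."` where Name='$user' and Type='U'";
		$GLOBALS['db']->query($sql);
		ANotify::halt("修改用户权限成功！",'SUCCESS');
		return;
	}

	// Rights the account already receives through inheritance.
	$inheritRight = new warmy_right($GLOBALS['db'],$user,'U',true);

	// Build the difference: function point => bits that must be stored explicitly.
	$right	= array();
	foreach($checked as $fun)
	{
		$m	= 0;
		if(defined("MICRO_RIGHT_SET"))
		{
			$field	= "fun_".$fun;
			// Cast to int so the bitwise operators below always work on integers.
			// NOTE(review): the mask is not range-limited; the XOR with 15 below
			// suggests four bits are meaningful — confirm and clamp if so.
			if(isset($_POST[$field]) && is_string($_POST[$field]) && preg_match($digits,$_POST[$field]))
				$m	= (int)$_POST[$field];
		}
		else
			$m = 7;

		if(array_key_exists($fun,$inheritRight->right))
		{
			if($m > 0)
			{
				// Keep only the bits that the inherited rights do not already grant.
				$t	= (int)$inheritRight->right[$fun] ^ 15;
				if(($m & $t) > 0)
					$right[$fun]	= $m & $t;
			}
		}
		else
			$right[$fun]	= $m;
	}

	// Function points that need an explicit row.
	$k	= array_keys($right);
	if(count($k) == 0)
	{
		// No special rights remain, so drop whatever was stored before.
		$sql = "delete from `".RIGHTTABLE."` where Name='$user' and Type='U'";
		$GLOBALS['db']->query($sql);
	}
	else
	{
		// Delete stored rows that are not part of this submission. Every key is a
		// digit-only value, so the list can be placed in the IN clause directly.
		$str = implode(",",$k);
		$sql = "delete from `".RIGHTTABLE."` where Name='$user' and Type='U' and Fun not in($str)";
		$GLOBALS['db']->query($sql);

		foreach($k as $fun)
		{
			// Insert the row when it is missing, otherwise update its mask.
			$sql	= "select * from `".RIGHTTABLE."` where  Name='$user' and Type='U' and Fun = '{$fun}'";
			$r		= $GLOBALS['db']->query_row($sql,MYSQL_ASSOC);
			$micro	= (int)$right[$fun];
			if(empty($r))
				$sql	= "insert into `".RIGHTTABLE."`(Name,Type,Fun,`micro`) values('$user','U','{$fun}',{$micro})";
			else
			{
				$rowId	= (int)$r[0]['Id'];
				$sql	= "update `".RIGHTTABLE."` set micro='{$micro}' where Id='{$rowId}'";
			}
			$GLOBALS['db']->query($sql);
		}
	}

	ANotify::halt("修改用户权限成功！",'SUCCESS');
}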
?>